mirror of
https://github.com/rzmk/learnhouse.git
synced 2025-12-19 04:19:25 +00:00
fix: mutations issues + trail + next canary bump
This commit is contained in:
swve
parent
7583752362
commit
5cbf9f809c
11 changed files with 205 additions and 121 deletions
|
|
@ -46,8 +46,7 @@ async def verify_user_rights_with_roles(request: Request, action: str, user_id:
|
|||
|
||||
# Check if user is anonymous
|
||||
if user_id == "anonymous":
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_403_FORBIDDEN, detail="The ressource you are trying to access is not publicly available")
|
||||
return False
|
||||
|
||||
# Check if the user is an admin
|
||||
user: UserInDB = UserInDB(**await users.find_one({"user_id": user_id}))
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ class ActivityInDB(Activity):
|
|||
creationDate: str
|
||||
updateDate: str
|
||||
|
||||
|
||||
#### Classes ####################################################
|
||||
|
||||
|
||||
|
|
@ -29,58 +30,102 @@ class ActivityInDB(Activity):
|
|||
####################################################
|
||||
|
||||
|
||||
async def create_activity(request: Request, activity_object: Activity, org_id: str, coursechapter_id: str, current_user: PublicUser):
|
||||
async def create_activity(
|
||||
request: Request,
|
||||
activity_object: Activity,
|
||||
org_id: str,
|
||||
coursechapter_id: str,
|
||||
current_user: PublicUser,
|
||||
):
|
||||
activities = request.app.db["activities"]
|
||||
courses = request.app.db["courses"]
|
||||
|
||||
# generate activity_id
|
||||
activity_id = str(f"activity_{uuid4()}")
|
||||
|
||||
hasRoleRights = await verify_user_rights_with_roles(request, "create", current_user.user_id, activity_id, org_id)
|
||||
hasRoleRights = await verify_user_rights_with_roles(
|
||||
request, "create", current_user.user_id, activity_id, org_id
|
||||
)
|
||||
|
||||
if not hasRoleRights:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_409_CONFLICT, detail="Roles : Insufficient rights to perform this action")
|
||||
status_code=status.HTTP_409_CONFLICT,
|
||||
detail="Roles : Insufficient rights to perform this action",
|
||||
)
|
||||
|
||||
# create activity
|
||||
activity = ActivityInDB(**activity_object.dict(), creationDate=str(
|
||||
datetime.now()), coursechapter_id=coursechapter_id, updateDate=str(datetime.now()), activity_id=activity_id, org_id=org_id)
|
||||
activity = ActivityInDB(
|
||||
**activity_object.dict(),
|
||||
creationDate=str(datetime.now()),
|
||||
coursechapter_id=coursechapter_id,
|
||||
updateDate=str(datetime.now()),
|
||||
activity_id=activity_id,
|
||||
org_id=org_id,
|
||||
)
|
||||
await activities.insert_one(activity.dict())
|
||||
|
||||
# update chapter
|
||||
await courses.update_one({"chapters_content.coursechapter_id": coursechapter_id}, {
|
||||
"$addToSet": {"chapters_content.$.activities": activity_id}})
|
||||
await courses.update_one(
|
||||
{"chapters_content.coursechapter_id": coursechapter_id},
|
||||
{"$addToSet": {"chapters_content.$.activities": activity_id}},
|
||||
)
|
||||
|
||||
return activity
|
||||
|
||||
|
||||
async def get_activity(request: Request, activity_id: str, current_user: PublicUser):
|
||||
activities = request.app.db["activities"]
|
||||
courses = request.app.db["courses"]
|
||||
|
||||
activity = await activities.find_one({"activity_id": activity_id})
|
||||
|
||||
# verify course rights
|
||||
hasRoleRights = await verify_user_rights_with_roles(request, "read", current_user.user_id, activity_id, element_org_id=activity["org_id"])
|
||||
# get course_id from activity
|
||||
coursechapter_id = activity["coursechapter_id"]
|
||||
course = await courses.find_one({"chapters": coursechapter_id})
|
||||
|
||||
if not hasRoleRights:
|
||||
isCoursePublic = course["public"]
|
||||
|
||||
# verify course rights
|
||||
hasRoleRights = await verify_user_rights_with_roles(
|
||||
request,
|
||||
"read",
|
||||
current_user.user_id,
|
||||
activity_id,
|
||||
element_org_id=activity["org_id"],
|
||||
)
|
||||
|
||||
if not hasRoleRights and not isCoursePublic:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_409_CONFLICT, detail="Roles : Insufficient rights to perform this action")
|
||||
status_code=status.HTTP_409_CONFLICT,
|
||||
detail="Roles : Insufficient rights to perform this action",
|
||||
)
|
||||
|
||||
if not activity:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_409_CONFLICT, detail="Course does not exist")
|
||||
status_code=status.HTTP_409_CONFLICT, detail="Course does not exist"
|
||||
)
|
||||
|
||||
activity = ActivityInDB(**activity)
|
||||
return activity
|
||||
|
||||
|
||||
async def update_activity(request: Request, activity_object: Activity, activity_id: str, current_user: PublicUser):
|
||||
|
||||
async def update_activity(
|
||||
request: Request,
|
||||
activity_object: Activity,
|
||||
activity_id: str,
|
||||
current_user: PublicUser,
|
||||
):
|
||||
activities = request.app.db["activities"]
|
||||
|
||||
activity = await activities.find_one({"activity_id": activity_id})
|
||||
# verify course rights
|
||||
await verify_user_rights_with_roles(request, "update", current_user.user_id, activity_id, element_org_id=activity["org_id"])
|
||||
await verify_user_rights_with_roles(
|
||||
request,
|
||||
"update",
|
||||
current_user.user_id,
|
||||
activity_id,
|
||||
element_org_id=activity["org_id"],
|
||||
)
|
||||
|
||||
if activity:
|
||||
creationDate = activity["creationDate"]
|
||||
|
|
@ -89,30 +134,44 @@ async def update_activity(request: Request, activity_object: Activity, activity_
|
|||
datetime_object = datetime.now()
|
||||
|
||||
updated_course = ActivityInDB(
|
||||
activity_id=activity_id, coursechapter_id=activity["coursechapter_id"], creationDate=creationDate, updateDate=str(datetime_object), org_id=activity["org_id"], **activity_object.dict())
|
||||
activity_id=activity_id,
|
||||
coursechapter_id=activity["coursechapter_id"],
|
||||
creationDate=creationDate,
|
||||
updateDate=str(datetime_object),
|
||||
org_id=activity["org_id"],
|
||||
**activity_object.dict(),
|
||||
)
|
||||
|
||||
await activities.update_one({"activity_id": activity_id}, {
|
||||
"$set": updated_course.dict()})
|
||||
await activities.update_one(
|
||||
{"activity_id": activity_id}, {"$set": updated_course.dict()}
|
||||
)
|
||||
|
||||
return ActivityInDB(**updated_course.dict())
|
||||
|
||||
else:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_409_CONFLICT, detail="activity does not exist")
|
||||
status_code=status.HTTP_409_CONFLICT, detail="activity does not exist"
|
||||
)
|
||||
|
||||
|
||||
async def delete_activity(request: Request, activity_id: str, current_user: PublicUser):
|
||||
|
||||
activities = request.app.db["activities"]
|
||||
|
||||
activity = await activities.find_one({"activity_id": activity_id})
|
||||
|
||||
# verify course rights
|
||||
await verify_user_rights_with_roles(request, "delete", current_user.user_id, activity_id, element_org_id=activity["org_id"])
|
||||
await verify_user_rights_with_roles(
|
||||
request,
|
||||
"delete",
|
||||
current_user.user_id,
|
||||
activity_id,
|
||||
element_org_id=activity["org_id"],
|
||||
)
|
||||
|
||||
if not activity:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_409_CONFLICT, detail="activity does not exist")
|
||||
status_code=status.HTTP_409_CONFLICT, detail="activity does not exist"
|
||||
)
|
||||
|
||||
isDeleted = await activities.delete_one({"activity_id": activity_id})
|
||||
|
||||
|
|
@ -120,26 +179,30 @@ async def delete_activity(request: Request, activity_id: str, current_user: Publ
|
|||
return {"detail": "activity deleted"}
|
||||
else:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_503_SERVICE_UNAVAILABLE, detail="Unavailable database")
|
||||
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
|
||||
detail="Unavailable database",
|
||||
)
|
||||
|
||||
|
||||
####################################################
|
||||
# Misc
|
||||
####################################################
|
||||
|
||||
|
||||
async def get_activities(request: Request, coursechapter_id: str, current_user: PublicUser):
|
||||
async def get_activities(
|
||||
request: Request, coursechapter_id: str, current_user: PublicUser
|
||||
):
|
||||
activities = request.app.db["activities"]
|
||||
|
||||
# TODO : TERRIBLE SECURITY ISSUE HERE, NEED TO FIX ASAP
|
||||
# TODO : TERRIBLE SECURITY ISSUE HERE, NEED TO FIX ASAP
|
||||
# TODO : TERRIBLE SECURITY ISSUE HERE, NEED TO FIX ASAP
|
||||
|
||||
activities = activities.find({"coursechapter_id": coursechapter_id})
|
||||
|
||||
if not activities:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_409_CONFLICT, detail="Course does not exist")
|
||||
status_code=status.HTTP_409_CONFLICT, detail="Course does not exist"
|
||||
)
|
||||
|
||||
activities = [ActivityInDB(**activity) for activity in await activities.to_list(length=100)]
|
||||
activities = [
|
||||
ActivityInDB(**activity) for activity in await activities.to_list(length=100)
|
||||
]
|
||||
|
||||
return activities
|
||||
|
|
|
|||
|
|
@ -174,7 +174,7 @@ async def add_activity_to_trail(request: Request, user: PublicUser, course_id:
|
|||
# modify trail object
|
||||
await trails.replace_one({"trail_id": trail["trail_id"]}, trail)
|
||||
|
||||
return Trail(**trail.dict())
|
||||
return Trail(**trail)
|
||||
|
||||
|
||||
async def add_course_to_trail(request: Request, user: PublicUser, orgslug: str, course_id: str) -> Trail:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue